Vulnerabilities > CVE-2008-3805 - Unspecified vulnerability in Cisco IOS

047910
CVSS 8.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
COMPLETE
network
low complexity
cisco
nessus
NVD
Published: 2008-09-26
Updated: 2022-06-02

Summary

Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3806.

Vulnerable Configurations

Part Description Count
OS
Cisco
11

Nessus

NASL familyCISCO
NASL idCISCO-SA-20080924-IPCHTTP.NASL
descriptionCisco 10000, uBR10012 and uBR7200 series devices use a User Datagram Protocol (UDP) based Inter-Process Communication (IPC) channel that is externally reachable. An attacker could exploit this vulnerability to cause a denial of service (DoS) condition on affected devices. No other platforms are affected. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
last seen2020-06-01
modified2020-06-02
plugin id49020
published2010-09-01
reporterThis script is (C) 2010-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/49020
titleCisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability - Cisco Systems

Oval

accepted2010-06-14T04:00:04.610-04:00
classvulnerability
contributors
  • nameYuzheng Zhou
    organizationHewlett-Packard
  • nameKASHIF LATIF
    organizationDTCC
descriptionCisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3806.
familyios
idoval:org.mitre.oval:def:5910
statusaccepted
submitted2008-09-24T11:06:36.000-04:00
titleCisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability
version7

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 31363 CVE ID: CVE-2008-3805 CNCVE ID:CNCVE-20083805 Cisco 10000, uBR10012和uBR7200系列设备使用基于UDP的IPC通道,这个通道使用127.0.0.0/8范围的地址和UDP 1975端口。Cisco 10000, uBR10012和uBR7200系列设备运行受此漏洞影响的Cisco IOS会去处理从设备外部发送给UDP 1975端口的IPC消息。这种行为可导致攻击者发送大量数据包导致设备,线路卡重载,造成拒绝服务攻击。 此漏洞的Cisco bug ID为CSCsg15342和CSCsh29217,CVE ID为CVE-2008-3804。 Cisco IOS 12.4 Cisco IOS 12.3XI Cisco IOS 12.3T Cisco IOS 12.3BC Cisco IOS 12.2ZX Cisco IOS 12.2SRC Cisco IOS 12.2SCA Cisco IOS 12.2SB Cisco IOS 12.0SZ Cisco IOS 12.0ST Cisco IOS 12.0SL Cisco IOS 12.0S Cisco IOS 12.0(32)S 可参考如下安全公告获得补丁信息: <a href=http://www.cisco.com/warp/public/707/cisco-sa-20080924-ipc.shtml target=_blank>http://www.cisco.com/warp/public/707/cisco-sa-20080924-ipc.shtml</a>
idSSV:4107
last seen2017-11-19
modified2008-09-26
published2008-09-26
reporterRoot
titleCisco IOS远程IPC拒绝服务漏洞

References